Linux User Group and File Permissions


Introduction

Linux is a multi-user operating system. This means multiple users can use the same Linux computer simultaneously, each with their own private space and files, while also sharing some system resources. This lab will introduce you to the basics of user management and file permissions in Linux, concepts that are crucial for system administration and security.

View Current User Information

In Linux, each user has a unique username. Let's start by identifying which user we're currently logged in as.

Open the terminal and enter the following command:

whoami

The whoami command is a simple tool that displays the username of the current user.

You should see output similar to this:

labex:project/ $ whoami
labex

This indicates that you're currently logged in as the user "labex".

Create a New User

Now, let's create a new user. In Linux, creating new users requires administrative privileges. We'll use the sudo command to gain these privileges.

sudo stands for "Superuser Do". It allows regular users to execute commands as the superuser (or root user).

Before we create a new user, let's discuss the concept of primary groups. In Linux, every user belongs to a primary group and can belong to multiple secondary groups. The primary group is typically used as the group owner for files that the user creates.

When you create a new user with adduser, it automatically creates a primary group for that user with the same name as the username. This is called a User Private Group (UPG) scheme.

Enter the following command to create a new user named "jack":

sudo adduser jack

This command will:

  1. Create a new user named "jack"
  2. Create a new group named "jack" (the primary group)
  3. Add the user "jack" to the "jack" group as its primary group
  4. Create a home directory for jack at /home/jack

You'll be prompted to set a password for jack and provide some additional information. In this lab environment you can set a simple password (like "password") and press Enter to use the default values for other information.

After creating the user, let's confirm that a home directory was created for jack and check jack's primary group:

ls /home
id jack

The id command will show you jack's user ID (UID), primary group ID (GID), and any secondary groups.

Explore User Groups

In Linux, user groups are a way to organize multiple users for permission management. Each user has a primary group and can belong to multiple secondary groups. Let's explore the groups our current user belongs to:

id labex

You should see output similar to:

uid=5000(labex) gid=5000(labex) groups=5000(labex),27(sudo),121(ssl-cert),5002(public)

This shows that:

  • The user labex has a user ID (UID) of 5000
  • The primary group for labex is also named labex with a group ID (GID) of 5000
  • labex belongs to several secondary groups, including sudo, ssl-cert, and public

Now, let's view all groups on the system:

cat /etc/group | sort

The cat command displays file contents, /etc/group is where group information is stored, and | sort sorts the output alphabetically.

To see only groups related to labex, use:

cat /etc/group | grep -E "labex"

grep is a powerful search tool. This command searches for lines containing "labex" in the group file.

Create a New Group and Add User to It

Let's create a new group called "developers" and add our new user "jack" to this group:

First, create the new group:

sudo groupadd developers

Now, add jack to the developers group:

sudo usermod -aG developers jack

The usermod command modifies user accounts. The -aG option adds the user to a supplementary group.

To verify that jack is now a member of the developers group, use:

groups jack

You should see "developers" listed among jack's groups.

Add a User to the sudo Group

Now that we've created the user jack, let's give him sudo privileges by adding him to the sudo group. But first, let's understand why this is important:

Adding a user to the sudo group allows them to execute commands with superuser or root privileges. This is useful for several reasons:

  1. Security: It allows the user to perform administrative tasks without logging in as the root user, which is generally considered a security risk.
  2. Accountability: When users use sudo, their actions are logged, providing an audit trail of administrative actions.
  3. Convenience: It eliminates the need to switch to the root user account for occasional administrative tasks.
  4. Granular control: The sudo configuration can be customized to allow specific users to run only certain commands with elevated privileges.

To add jack to the sudo group, use this command:

sudo usermod -aG sudo jack

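This command uses usermod to modify the user account. The -aG option combines -a (append) with -G (supplementary groups), so it adds jack to the sudo group without removing him from other groups. Without -a, -G replaces the user's supplementary group list with only the groups named on the command line.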

After adding jack to the sudo group, you can verify his group membership with:

sudo groups jack

You should see sudo listed among jack's groups.

By adding jack to the sudo group, we've given him the ability to perform administrative tasks on the system. However, it's important to remember that with great power comes great responsibility. Users with sudo privileges should be trusted and understand the implications of their actions, as they can potentially affect the entire system.
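Because group membership is what grants sudo here, it is worth checking who actually holds it. The script below is an added example, not part of the original lab: it lists a group's members from text in /etc/group and /etc/passwd format, counting users whose primary GID matches the group as well as the supplementary members. The helper name group_members and the sample data (including the account "backup") are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data in /etc/group and /etc/passwd format (not from a real host).
SAMPLE_GROUP='labex:x:5000:
jack:x:1001:
sudo:x:27:labex,jack
developers:x:1002:jack'
SAMPLE_PASSWD='labex:x:5000:5000::/home/labex:/bin/bash
jack:x:1001:1001::/home/jack:/bin/bash
backup:x:1003:27::/home/backup:/bin/sh'

# group_members GROUP GROUP_DB PASSWD_DB   (hypothetical helper name)
# Prints the group's members as a sorted, comma-separated list.
# /etc/group only lists supplementary members (field 4); a user whose primary
# GID (field 4 of /etc/passwd) equals the group's GID is a member as well.
# The body runs in a subshell "( ... )" so its variables stay local and
# "exit" only leaves the function.
group_members() (
  group=$1
  group_db=$2
  passwd_db=$3
  # Field 3 of the matching group line is the numeric GID.
  gid=$(printf '%s\n' "$group_db" | awk -F: -v g="$group" '$1 == g { print $3 }')
  [ -n "$gid" ] || exit 1          # unknown group
  {
    # Supplementary members: split the comma-separated fourth field.
    printf '%s\n' "$group_db" | awk -F: -v g="$group" '
      $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }'
    # Primary members: accounts whose passwd GID equals the group GID.
    printf '%s\n' "$passwd_db" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
  } | LC_ALL=C sort -u | paste -sd, -
)

# On a live system, pass "$(getent group)" and "$(getent passwd)" instead.
group_members sudo "$SAMPLE_GROUP" "$SAMPLE_PASSWD"
```

In the sample data, "backup" never appears on the sudo line of the group file, yet it is reported as a member because its primary GID is 27.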

Understanding and Manipulating File Permissions and Ownership

In Linux, file permissions and ownership are crucial for system security. Let's explore these concepts and learn how to manipulate them.

  1. First, let's examine the current permissions in the /home directory:

ls -l /home

You'll see output similar to:

total 8
drwxr-xr-x 2 jack  jack  4096 Jul 30 10:00 jack
drwxr-xr-x 5 labex labex 4096 Jul 30 09:55 labex

Let's break down what this means:

  • The first character indicates the file type (d for directory, - for regular file)
  • The next 9 characters represent permissions for owner, group, and others (in that order)
  • r means read permission, w means write permission, and x means execute permission
  • The username after these characters is the file owner, followed by the group owner

  2. Now, let's create a new file and change its ownership:

touch /home/labex/testfile
ls -l /home/labex/testfile
sudo chown jack:jack /home/labex/testfile
ls -l /home/labex/testfile

The touch command creates an empty file. Initially, the file will be owned by labex. We then use chown to change the ownership to jack for both user and group.

Why change ownership? In Linux, file owners have special privileges over their files. By changing ownership, we're giving jack full control over this file.

  3. Finally, let's modify the file's permissions:

sudo chmod 750 /home/labex/testfile
ls -l /home/labex/testfile

The chmod command changes the file's permissions. The number 750 is a shorthand way to set permissions:

  • 7 (owner): Read (4) + Write (2) + Execute (1) = 7
  • 5 (group): Read (4) + Execute (1) = 5
  • 0 (others): No permissions

This permission set means:

  • The owner (jack) can read, write, and execute the file
  • Members of the jack group can read and execute the file
  • Others have no permissions on the file

Why set these permissions? This is a common permission set that allows the owner full access, gives the group limited access, and restricts access for everyone else. It's a balance between usability and security.
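The two notations used above, the nine permission characters printed by ls -l and the three-digit number given to chmod, describe the same bits. The following script is an added example, not part of the original lab: it converts in both directions and rejects input outside the plain r/w/x set covered here. The function names mode_to_octal and octal_to_mode are hypothetical.

```shell
#!/bin/sh
# mode_to_octal 'drwxr-xr-x' -> 755
# Takes the first column of "ls -l" output: one file-type character followed
# by nine permission characters. Anything after those ten is ignored.
mode_to_octal() (
  perms=$(printf '%s' "$1" | cut -c2-10)
  # Only the plain r/w/x/- characters discussed in this lab are accepted.
  case $perms in
    [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
    *) exit 1 ;;
  esac
  out=
  for start in 1 4 7; do                     # owner, group, others
    triad=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
    digit=0
    case $triad in r??) digit=$((digit + 4)) ;; esac   # read    = 4
    case $triad in ?w?) digit=$((digit + 2)) ;; esac   # write   = 2
    case $triad in ??x) digit=$((digit + 1)) ;; esac   # execute = 1
    out=$out$digit
  done
  printf '%s\n' "$out"
)

# octal_to_mode 750 -> rwxr-x---
octal_to_mode() (
  case $1 in [0-7][0-7][0-7]) ;; *) exit 1 ;; esac
  out=
  for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
    for bit in 4:r 2:w 1:x; do               # bit value : letter
      if [ $((digit & ${bit%%:*})) -ne 0 ]; then
        out=$out${bit#*:}
      else
        out=$out-
      fi
    done
  done
  printf '%s\n' "$out"
)

mode_to_octal 'drwxr-xr-x'   # the /home/jack entry from the ls -l output
octal_to_mode 750            # the mode applied to testfile
```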

Understanding file permissions and ownership is crucial in Linux. It allows you to control who can read, modify, or execute files, which is fundamental to system security and user privacy. As you continue working with Linux, you'll find yourself frequently using these commands to manage access to files and directories.

Summary

Congratulations! You've completed the Linux User Group and File Permissions lab. You've learned how to:

  1. View user information
  2. Create new users and understand primary groups
  3. Explore and modify user groups
  4. Create new groups and add users to them
  5. Grant sudo privileges to users
  6. View and understand file permissions
  7. Change file ownership
  8. Modify file permissions

These skills are fundamental for managing users and securing files in a Linux environment. As you continue your Linux journey, you'll find these concepts essential for system administration and security.
